CADbloke
Joined: 07 Jan 2016 Posts: 25 Location: Sydney
Posted: Mon Oct 10, 2016 8:53 am Post subject: postback to Paypal IPN will require https from June 30, 2017
https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1916&viewlocale=en_US
Quote: Merchants and partners use Instant Payment Notification (IPN) to receive notifications of events related to PayPal transactions. The IPN message service requires that you acknowledge receipt of these messages and validate them. This process includes posting the messages back to PayPal for verification. In the past, PayPal has allowed the use of HTTP for these postbacks. For increased security going forward, only HTTPS will be allowed for postbacks to PayPal. At this time, there is no requirement for HTTPS on the outbound IPN call from PayPal to the merchant’s IPN listener.
From that quote I understand that if you want to verify the PayPal payment then you will need to use HTTPS (SSL / TLS).
Sucks to be on Windows because my Linux host offers one-click Let's Encrypt (free SSL). Studiocoast want $99/yr for SSL but that also includes a dedicated IP address (if there are any left?) which makes sending email through Gmail/Google Apps more secure.
https://weblog.west-wind.com/posts/2016/Feb/22/Using-Lets-Encrypt-with-IIS-on-Windows - a good roundup but pretty much useless for shared hosting, because you need shell access.

Infralution
Joined: 28 Feb 2005 Posts: 5027
Posted: Mon Oct 10, 2016 9:40 pm Post subject:
Your site does not need to be SSL in order for IPN.NET to post back to an HTTPS URL. In fact IPN.NET already posts back to https://www.paypal.com to verify PayPal posts. The article does suggest that we should change the address we are posting back to to ipnpb.paypal.com - however this is not mandatory.
_________________
Infralution Support
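
Added example (not part of the thread and not IPN.NET's own code): a minimal Python sketch of the postback step discussed above, where the listener itself may sit on plain HTTP but the verification call is refused unless it goes to an HTTPS URL. The function names, the `fake_paypal` stand-in transport and the sample IPN body are constructed for illustration; the `/cgi-bin/webscr` path is PayPal's documented IPN endpoint and does not appear in the thread.

```python
import urllib.request
from urllib.parse import urlsplit

# Host named in the thread; the path is PayPal's documented IPN postback endpoint.
POSTBACK_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"


def build_postback(raw_body: bytes, url: str = POSTBACK_URL) -> urllib.request.Request:
    """Build the verification request for one received IPN message."""
    if urlsplit(url).scheme != "https":
        raise ValueError("IPN postback must use HTTPS, got %r" % url)
    # Echo the message byte-for-byte: re-encoding parsed fields can change
    # the body, and PayPal then answers INVALID.
    data = b"cmd=_notify-validate&" + raw_body
    return urllib.request.Request(
        url, data=data, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def _https_send(req: urllib.request.Request) -> bytes:
    # urllib checks the server certificate and hostname by default for https URLs.
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()


def verify_ipn(raw_body: bytes, send=_https_send, url: str = POSTBACK_URL) -> bool:
    """Return True only when the postback reply is exactly VERIFIED."""
    reply = send(build_postback(raw_body, url))
    return reply.strip() == b"VERIFIED"


# Constructed sample IPN body (not a real transaction).
SAMPLE_IPN = (b"payment_status=Completed&mc_gross=19.95"
              b"&txn_id=EXAMPLE123&receiver_email=seller%40example.com")


def fake_paypal(req: urllib.request.Request) -> bytes:
    # Hypothetical offline stand-in for PayPal: accepts only an unmodified
    # HTTPS postback of SAMPLE_IPN.
    expected = b"cmd=_notify-validate&" + SAMPLE_IPN
    ok = req.full_url.startswith("https://") and req.data == expected
    return b"VERIFIED" if ok else b"INVALID"


if __name__ == "__main__":
    print(verify_ipn(SAMPLE_IPN, send=fake_paypal))
```

In a real listener, `raw_body` is the unparsed request body PayPal sent, and the order is only fulfilled when `verify_ipn` returns True.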